[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: admin type user



On Mon, Feb 02, 2004 at 01:58:20PM -0600, Rick Weinbender wrote:
> The user needs access to /home directory and everything
> below it, but not anything higher in the tree.

If the groups approach elsewhere in the tree proves too unhandy, you
might want to investigate into the kernel patches that flexibilize the
traditional UNIX access control policy.  RSBAC is one I have tried
briefly.  It would do the job, though I have not gone into it deeply
enough to recommend or not to recommend it.

> (I've heard something about chroot doing this, but haven't
> tried it.  What's recommended?)

You could do something like ``chroot /home'', but as rootshells go,
escaping the jail would be trivial, AFAIK.

HTH.

-- 
Jan Minar                   "Please don't CC me, I'm subscribed." x 9

Attachment: pgp54VrZvw93x.pgp
Description: PGP signature


Reply to: